iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Cyber attacks on Taiwanese organisations have spiked in recent days as part of a wider campaign that intends to disrupt Taiwan’s recent elections, according to new reports.
According to US cyber security firm Trellix, attacks on Taiwanese organisations more than doubled within the 24 hours preceding the Taiwan election on 13 January, with the majority of the attacks targeting government offices and agencies, law enforcement departments and financial organisations, with bank statements, police reports, internal communications and insurance information all of particular interest.
“Malicious cyber activity rose significantly from 1,758 detections on January 11 to over 4,300 on January 12, 2024, the highest detection since the prior month of December 2023,” wrote Trellix.
“Interestingly, Trellix telemetry shows that threat activity dropped dramatically on election day, with a little over 1,000 detections on January 13, 2024.”
Trellix attributes the drop in cyber activity on the day of the election to the nature of Taiwan’s polling system, which is done “manually and in person” with paper ballots, ballot boxes and tallying ballots.
As a result, cyber hacking is unlikely to have a significant impact on the election “infrastructure”.
Trellix believes that the hacking campaign was the act of Chinese hackers, largely due to the political tension between the two countries.
“The cross-strait political context is that Taiwan’s presidential election results defied Beijing’s wishes and handed the ruling party a historic third consecutive presidential victory,” wrote Trellix.
“As background, China had openly opposed William Lai from Taiwan’s ruling party, the Democratic Progressive Party (DPP), before he won the island’s presidential election with more than 40 per cent of the vote.
“The Chinese authorities also cautioned that the election could shift the cross-strait relationship away from peace if the DPP gets re-elected.”
Despite the drop off in hacker activity following the election, Trellix said that due to the techniques the Chinese hackers are believed to be using, Taiwanese businesses aren’t out of the woods yet.
“[The data indicates that] threat actors operating behind these malicious activities leverage a number of living off-the-land tools, such as NETSH, Windows command prompts, reg, and PowerShell,” added Trellix.
Living-off-the-land techniques involve the exploitation of legitimate programs to access victim systems rather than using aggressive malware. This makes attackers much harder to detect, allowing them to remain on a victim’s network for a long period of time.
The infamous Chinese state-sponsored threat group Volt Typhoon was reportedly on US critical infrastructure networks for at least five years, according to recent reports. The group is well known for using living-off-the-land techniques.
Currently, it is unknown whether the threat actors achieved their goals in their attack, as the election was not disrupted, nor were there any “political scandals in the lead-up to the Taiwan election”, said Trellix.
“Perhaps the cyber threat activities were not successful or did not uncover sensitive information about the targeted political candidates. Perhaps Taiwan’s election defences were seasoned and hardened to ward off such attempts,” added Trellix.
There is much to be learnt from the recent campaign against Taiwanese democracy, the lessons of which can be applied to the upcoming US presidential elections in November, as similar strategies may be used to derail democratic process.
Be the first to hear the latest developments in the cyber industry.
